With this release StopSign totally shakes off any trace of its old, tarnished reputation. It's now clearly focused on removing malware and keeping out new infestations. The problem is, it does really, really bad job.

In a 2003 article covering scareware and other fake utilities, I warned of a tool called StopSign that attempted to disable valid antivirus products. Since that time StopSign's publisher has straightened out. Spyware Warrior and others have removed it from their "rogue" lists. eAcceleration executives admit they made some mistakes back in the day, but they assure me that StopSign Internet Security 1.0 ($49.95/year direct for two licenses) is thoroughly well-behaved. One little problem derails this lovely story of redemption, though. While it's not sneaky or malicious, StopSign also isn't remotely effective as an antivirus.

//Compare Similar Products

Normally I'd peruse results from the big independent testing labs to see how they conform to (or differ from) my own results. Since StopSign hasn't been submitted for testing to any of those labs, my own tests will have to tell the full story.

Busy Installation
Installation went quickly on my malware-infested test systems. The malware didn't fight back as it has in other instances. On completing installation, the product immediately ran a quick scan. This scan managed to find something alarming on every single one of the systems, though in many cases it identified the now-useless malware installer file without detecting the actual virulent threat itself.

On completing the initial scan, StopSign displays a big warning screen listing what it found with numerous buttons and links to "cure now." These links take you to a purchase page, naturally. Yes, this behavior is superficially similar to that of scareware, but it's not the same. StopSign really did detect actual malware. PC Tools Spyware Doctor with AntiVirus 2011 ($39.95 direct for three licenses, 4 stars) offers a similar scan-only free edition that reports found threats but requires payment before removing them.

To continue testing, I simply closed the warning window and entered an activation code. I was mildly surprised to find that doing so did not enable real-time protection. To get that feature working, I had to actively download and enable it.

On the plus side, when I launched a scan after activation, the product offered to clean up the threats found in the previous scan. I was happy to avoid repeating that scan, but I found the cleanup process to be unnecessarily lengthy. After I confirmed that it should clean up the threats found earlier, it asked for a second confirmation. On completing the scan, StopSign asked me how it should handle lower-risk threats. When I accepted the default, StopSign asked me to confirm that choice. On completion, StopSign reported success and then displayed a separate window with statistics. I counted at least seven distinct steps requiring user interaction, which seems extreme.

Ineffective Cleanup
Once all the test systems had gone through this initial cleanup, I went back and launched a full scan. It reported the first three systems I tried to be already clean, which was demonstrably not the case. I checked with eAcceleration and learned that I should uncheck a box that limits scanning to files modified in the last 30 days.

On one hand, since all of the threats in my test systems are a few months old, it made sense that the product would miss them with this setting enabled. On the other hand, any user installing the product for the first time might well be suffering from threats older than 30 days. It's a bad choice for a default setting.

I did find that a full scan on my standard clean system took almost twice as long as the current average. Conceivably setting it to skip older files might have produced a speedier (but less secure) scan.

Even after the configuration fix, StopSign found absolutely nothing more to clean up on almost half of the test systems. That could mean that the install scan was incredibly effective, but it doesn't. This program's performance is the worst I've seen in quite some time.

There was one bright spot in the gloom. StopSign reported a need to submit one particular sample to eAcceleration for a "custom cure." I got an e-mail confirmation that the sample was received and another e-mail the next day reporting that the cure was ready. When I powered up the affected system StopSign quickly downloaded and applied the custom cure, which thoroughly wiped out the threat.

Of those threats it did manage to detect, StopSign left behind many malware traces and executable files. A few detected threats were visibly running after their supposed removal. Its 4.4 point score for malware cleanup is dismal. Spyware Doctor with 7.8 points and Norton AntiVirus 2011 ($39.99 direct, 4.5 stars) with 7.9 scored highest in this test.

I give less weight to a separate test using commercial keyloggers in place of actual malware, since some vendors opt not to detect these as malicious. StopSign detected just 21 percent of them and scored 1.3 points, the lowest keylogger score of recent products.

I break out a separate rootkit removal score based on samples from both the malware and keylogger collections that use rootkit technology. Here, too, StopSign landed at the bottom, detecting 33 percent of the rootkits and scoring 1.4 points. Over half of the current products detected every single rootkit. Spyware Doctor was most effective at removing them, with 9.1 points.

Ironically, the one category in which StopSign scored nearer to the middle than the bottom was removal of scareware. It detected 63 percent of the scareware samples and cleaned up their traces fairly effectively, earning 5.3 points. However, Ad-Aware Pro managed 8.4 points against this same collection. For full details on how I calculate malware removal scores see How We Test Malware Removal.

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service